Injection: Change Detection - Server Side Template Injection¶
Identifier:
cve_2024_32651
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows remote command execution on the server host.
How we test: We test for server-side template injection vulnerabilities in changedetection.io by injecting Jinja2 template payloads and analyzing responses to detect if template code is executed, potentially leading to remote command execution.
Reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-32651
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.